Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/1470f5-c316-4fff-9c37-8654266457c6/1/0B_-fCyLXp7fUsWOj-653bKohWc.roa
File:                     0B_-fCyLXp7fUsWOj-653bKohWc.roa (raw, json)
Hash identifier:          Y+dKm3SHW56iDu1ZP9jbGp26P92Eyq4+86SkrCqeKGU=
Subject key identifier:   D0:1F:FE:7C:2C:8B:5E:9E:DF:52:C5:8E:8F:EE:B9:DD:B2:A8:85:67
Certificate issuer:       /CN=b498c97b14c374a52833db6a4007b54b4662c5a9
Certificate serial:       019ECC44C4B041F40A24B171483ADF073CAD
Authority key identifier: B4:98:C9:7B:14:C3:74:A5:28:33:DB:6A:40:07:B5:4B:46:62:C5:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tJjJexTDdKUoM9tqQAe1S0Zixak.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/1470f5-c316-4fff-9c37-8654266457c6/1/0B_-fCyLXp7fUsWOj-653bKohWc.roa
Signing time:             Mon 15 Jun 2026 17:11:59 +0000
ROA not before:           Mon 15 Jun 2026 17:11:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203273
IP address blocks:        91.196.161.0/24 maxlen: 24
                          91.196.162.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/1470f5-c316-4fff-9c37-8654266457c6/1/tJjJexTDdKUoM9tqQAe1S0Zixak.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/1470f5-c316-4fff-9c37-8654266457c6/1/tJjJexTDdKUoM9tqQAe1S0Zixak.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tJjJexTDdKUoM9tqQAe1S0Zixak.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 17:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:cc:44:c4:b0:41:f4:0a:24:b1:71:48:3a:df:07:3c:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b498c97b14c374a52833db6a4007b54b4662c5a9
        Validity
            Not Before: Jun 15 17:11:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d01ffe7c2c8b5e9edf52c58e8feeb9ddb2a88567
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:0b:54:41:bd:fc:cb:48:88:5e:82:44:63:88:
                    0e:f7:0d:33:b4:1d:a2:00:97:84:d2:7f:16:a3:1a:
                    43:18:c0:fd:c2:43:c3:e6:e6:30:2f:2f:7d:56:ef:
                    fc:be:d6:2d:f8:cd:f2:3e:f0:80:32:f1:bf:f6:21:
                    28:14:10:55:59:14:0f:0e:6f:b6:f5:23:be:12:16:
                    92:0c:48:4c:3b:2c:ff:8d:8f:0d:19:45:c7:f4:55:
                    77:82:f2:71:34:c8:49:4a:85:e9:6d:6c:c0:f1:a2:
                    95:86:9e:0d:36:93:21:11:04:a8:0b:87:ab:95:0b:
                    d2:25:b1:db:ad:e0:4a:98:64:d1:1d:90:4c:2d:95:
                    83:99:c0:ff:fc:67:60:b3:4a:87:6f:fe:ec:f5:94:
                    3e:51:a2:8d:cf:25:20:21:06:b4:14:7a:e6:a3:94:
                    3c:56:e8:96:2a:9c:ec:20:b1:52:38:e6:32:19:21:
                    59:09:e9:03:38:db:7e:ae:0c:2e:c9:cb:09:03:aa:
                    fc:7c:82:25:b1:be:e1:1c:c6:92:93:11:af:60:87:
                    b7:52:ed:16:e1:59:39:34:98:d3:11:28:88:f8:1e:
                    27:dc:e3:11:e0:45:8f:1c:c0:4e:8e:e5:ed:77:43:
                    c2:aa:16:0a:f4:1c:21:ce:4c:2a:a6:61:f8:a5:a6:
                    d1:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:1F:FE:7C:2C:8B:5E:9E:DF:52:C5:8E:8F:EE:B9:DD:B2:A8:85:67
            X509v3 Authority Key Identifier:
                keyid:B4:98:C9:7B:14:C3:74:A5:28:33:DB:6A:40:07:B5:4B:46:62:C5:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tJjJexTDdKUoM9tqQAe1S0Zixak.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/1470f5-c316-4fff-9c37-8654266457c6/1/0B_-fCyLXp7fUsWOj-653bKohWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/1470f5-c316-4fff-9c37-8654266457c6/1/tJjJexTDdKUoM9tqQAe1S0Zixak.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.161.0-91.196.163.255

    Signature Algorithm: sha256WithRSAEncryption
         c4:ea:30:4c:ca:24:0e:23:f8:4d:35:37:82:5e:b9:0a:41:0d:
         9d:76:28:b7:57:c1:0a:c0:31:43:a9:30:e4:9c:05:87:c1:6c:
         71:c5:af:b4:78:4b:5a:83:37:26:1f:85:c9:cd:b4:74:10:f4:
         a2:4f:4a:57:41:33:70:e5:81:65:9d:30:f4:36:47:bd:59:85:
         7a:b9:c9:87:13:7b:9f:09:3f:d7:e0:8c:e0:4c:66:ad:4a:49:
         a3:25:f9:6f:e0:b9:d9:10:7d:c0:a5:47:a4:00:76:30:f7:b4:
         b6:a4:e5:8b:7e:c8:1d:18:1f:ee:20:a6:a0:c3:6f:bc:aa:e2:
         19:57:22:b3:29:36:3a:83:f1:7f:eb:5d:a6:9c:8e:d2:c5:36:
         08:1f:88:4c:c1:79:c6:38:d4:33:d8:75:70:36:3e:16:6d:30:
         13:c6:aa:a7:33:5a:d5:48:62:e5:a3:6b:2c:5a:98:b5:e9:28:
         c0:96:e4:9c:3d:4b:05:bb:b3:15:71:3c:5c:5e:34:40:f0:30:
         a4:b3:fa:de:c4:c0:30:db:91:47:9e:e8:fd:22:20:82:62:ec:
         90:94:02:17:6d:0d:e9:dd:87:c0:7e:df:14:de:eb:ad:9b:3a:
         ee:cf:db:f8:98:ec:68:e3:2c:dd:29:89:7e:af:ac:8a:f0:0a:
         db:12:df:ab
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ7MRMSwQfQKJLFxSDrfBzytMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0OThjOTdiMTRjMzc0YTUyODMzZGI2YTQwMDdiNTRiNDY2
MmM1YTkwHhcNMjYwNjE1MTcxMTU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDFmZmU3YzJjOGI1ZTllZGY1MmM1OGU4ZmVlYjlkZGIyYTg4NTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgtUQb38y0iIXoJEY4gO9w0ztB2i
AJeE0n8WoxpDGMD9wkPD5uYwLy99Vu/8vtYt+M3yPvCAMvG/9iEoFBBVWRQPDm+2
9SO+EhaSDEhMOyz/jY8NGUXH9FV3gvJxNMhJSoXpbWzA8aKVhp4NNpMhEQSoC4er
lQvSJbHbreBKmGTRHZBMLZWDmcD//Gdgs0qHb/7s9ZQ+UaKNzyUgIQa0FHrmo5Q8
VuiWKpzsILFSOOYyGSFZCekDONt+rgwuycsJA6r8fIIlsb7hHMaSkxGvYIe3Uu0W
4Vk5NJjTESiI+B4n3OMR4EWPHMBOjuXtd0PCqhYK9BwhzkwqpmH4pabRKQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNAf/nwsi16e31LFjo/uud2yqIVnMB8GA1UdIwQY
MBaAFLSYyXsUw3SlKDPbakAHtUtGYsWpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEpqSmV4VERkS1VvTTl0cVFBZTFTMFppeGFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC8xNDcwZjUtYzMxNi00ZmZmLTljMzct
ODY1NDI2NjQ1N2M2LzEvMEJfLWZDeUxYcDdmVXNXT2otNjUzYktvaFdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC8xNDcwZjUtYzMxNi00ZmZmLTljMzctODY1NDI2NjQ1N2M2
LzEvdEpqSmV4VERkS1VvTTl0cVFBZTFTMFppeGFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABbxKED
BAJbxKAwDQYJKoZIhvcNAQELBQADggEBAMTqMEzKJA4j+E01N4JeuQpBDZ12KLdX
wQrAMUOpMOScBYfBbHHFr7R4S1qDNyYfhcnNtHQQ9KJPSldBM3DlgWWdMPQ2R71Z
hXq5yYcTe58JP9fgjOBMZq1KSaMl+W/gudkQfcClR6QAdjD3tLak5Yt+yB0YH+4g
pqDDb7yq4hlXIrMpNjqD8X/rXaacjtLFNggfiEzBecY41DPYdXA2PhZtMBPGqqcz
WtVIYuWjayxamLXpKMCW5Jw9SwW7sxVxPFxeNEDwMKSz+t7EwDDbkUee6P0iIIJi
7JCUAhdtDendh8B+3xTe662bOu7P2/iY7GjjLN0piX6vrIrwCtsS36s=
-----END CERTIFICATE-----
Generated at Wed Jul 1 02:34:02 2026 by rpki-client